From a9deda7d1726bf5e39e56bbe268744042f7e1562 Mon Sep 17 00:00:00 2001 From: Ziyang Zhou Date: Sun, 9 May 2021 23:27:12 +0800 Subject: [PATCH 1/7] fix booting --- init/init.cpp | 13 +++++++++++-- init/log.cpp | 2 ++ init/property_service.cpp | 0 init/selinux.cpp | 2 ++ init/service.cpp | 3 ++- init/util.cpp | 3 ++- rootdir/init.rc | 21 ++++++++++----------- 7 files changed, 29 insertions(+), 15 deletions(-) mode change 100644 => 100755 init/init.cpp mode change 100644 => 100755 init/property_service.cpp diff --git a/init/init.cpp b/init/init.cpp old mode 100644 new mode 100755 index 4fe115e92..bf57f50c9 --- a/init/init.cpp +++ b/init/init.cpp @@ -576,6 +576,7 @@ int main(int argc, char** argv) { mount("tmpfs", "/dev", "tmpfs", MS_NOSUID, "mode=0755"); mkdir("/dev/pts", 0755); mkdir("/dev/socket", 0755); + unshare(CLONE_NEWCGROUP); // HACKED mount("devpts", "/dev/pts", "devpts", 0, NULL); #define MAKE_STR(x) __STRING(x) mount("proc", "/proc", "proc", 0, "hidepid=2,gid=" MAKE_STR(AID_READPROC)); @@ -635,8 +636,16 @@ int main(int argc, char** argv) { setenv("INIT_STARTED_AT", std::to_string(start_ms).c_str(), 1); char* path = argv[0]; - char* args[] = { path, nullptr }; - execv(path, args); + std::vector args = {}; + std::string cmdline; + android::base::ReadFileToString("/proc/self/cmdline", &cmdline); + std::replace(cmdline.begin(), cmdline.end(), '\0', ' '); + auto cmd_vector = android::base::Split(android::base::Trim(cmdline), " "); + for (const auto& entry : cmd_vector) { + args.push_back(entry.c_str()); + } + args.push_back(nullptr); + execv(path, const_cast(args.data())); // execv() only returns if an error happened, in which case we // panic and never fall through this conditional. diff --git a/init/log.cpp b/init/log.cpp index 6198fc25f..eaef5d3d8 100644 --- a/init/log.cpp +++ b/init/log.cpp @@ -53,6 +53,7 @@ static void InitAborter(const char* abort_message) { } void InitKernelLogging(char* argv[]) { +#if 0 // HACKED // Make stdin/stdout/stderr all point to /dev/null. int fd = open("/sys/fs/selinux/null", O_RDWR); if (fd == -1) { @@ -66,6 +67,7 @@ void InitKernelLogging(char* argv[]) { dup2(fd, 2); if (fd > 2) close(fd); +#endif android::base::InitLogging(argv, &android::base::KernelLogger, InitAborter); } diff --git a/init/property_service.cpp b/init/property_service.cpp old mode 100644 new mode 100755 diff --git a/init/selinux.cpp b/init/selinux.cpp index 0ba5c4ae3..eb9ace2da 100644 --- a/init/selinux.cpp +++ b/init/selinux.cpp @@ -382,6 +382,8 @@ bool LoadPolicy() { } // namespace void SelinuxInitialize() { + setenv("INIT_SELINUX_TOOK", "0", 1); + se_hack(); Timer t; LOG(INFO) << "Loading SELinux policy"; diff --git a/init/service.cpp b/init/service.cpp index 37d3a8807..ffbd5a5a0 100644 --- a/init/service.cpp +++ b/init/service.cpp @@ -67,6 +67,7 @@ namespace android { namespace init { static Result ComputeContextFromExecutable(const std::string& service_path) { + se_hack1("HACKED"); std::string computed_context; char* raw_con = nullptr; @@ -369,7 +370,7 @@ void Service::Reap(const siginfo_t& siginfo) { if ((flags_ & SVC_CRITICAL) && !(flags_ & SVC_RESTART)) { if (now < time_crashed_ + 4min) { if (++crash_count_ > 4) { - LOG(FATAL) << "critical process '" << name_ << "' exited 4 times in 4 minutes"; + LOG(ERROR) << "critical process '" << name_ << "' exited 4 times in 4 minutes"; } } else { time_crashed_ = now; diff --git a/init/util.cpp b/init/util.cpp index 4455b2eb1..5d83fc5a6 100644 --- a/init/util.cpp +++ b/init/util.cpp @@ -245,7 +245,8 @@ int wait_for_file(const char* filename, std::chrono::nanoseconds timeout) { void import_kernel_cmdline(bool in_qemu, const std::function& fn) { std::string cmdline; - android::base::ReadFileToString("/proc/cmdline", &cmdline); + android::base::ReadFileToString("/proc/self/cmdline", &cmdline); // HACKED + std::replace(cmdline.begin(), cmdline.end(), '\0', ' '); // HACKED for (const auto& entry : android::base::Split(android::base::Trim(cmdline), " ")) { std::vector pieces = android::base::Split(entry, "="); diff --git a/rootdir/init.rc b/rootdir/init.rc index b9464e7fd..aee250bdd 100644 --- a/rootdir/init.rc +++ b/rootdir/init.rc @@ -163,28 +163,28 @@ on init # this ensures that the cpusets are present and usable, but the device's # init.rc must actually set the correct cpus mkdir /dev/cpuset/foreground - copy /dev/cpuset/cpus /dev/cpuset/foreground/cpus - copy /dev/cpuset/mems /dev/cpuset/foreground/mems + copy /dev/cpuset/cpuset.cpus /dev/cpuset/foreground/cpuset.cpus + copy /dev/cpuset/cpuset.mems /dev/cpuset/foreground/cpuset.mems mkdir /dev/cpuset/background - copy /dev/cpuset/cpus /dev/cpuset/background/cpus - copy /dev/cpuset/mems /dev/cpuset/background/mems + copy /dev/cpuset/cpuset.cpus /dev/cpuset/background/cpuset.cpus + copy /dev/cpuset/cpuset.mems /dev/cpuset/background/cpuset.mems # system-background is for system tasks that should only run on # little cores, not on bigs # to be used only by init, so don't change system-bg permissions mkdir /dev/cpuset/system-background - copy /dev/cpuset/cpus /dev/cpuset/system-background/cpus - copy /dev/cpuset/mems /dev/cpuset/system-background/mems + copy /dev/cpuset/cpuset.cpus /dev/cpuset/system-background/cpuset.cpus + copy /dev/cpuset/cpuset.mems /dev/cpuset/system-background/cpuset.mems # restricted is for system tasks that are being throttled # due to screen off. mkdir /dev/cpuset/restricted - copy /dev/cpuset/cpus /dev/cpuset/restricted/cpus - copy /dev/cpuset/mems /dev/cpuset/restricted/mems + copy /dev/cpuset/cpuset.cpus /dev/cpuset/restricted/cpuset.cpus + copy /dev/cpuset/cpuset.mems /dev/cpuset/restricted/cpuset.mems mkdir /dev/cpuset/top-app - copy /dev/cpuset/cpus /dev/cpuset/top-app/cpus - copy /dev/cpuset/mems /dev/cpuset/top-app/mems + copy /dev/cpuset/cpuset.cpus /dev/cpuset/top-app/cpuset.cpus + copy /dev/cpuset/cpuset.mems /dev/cpuset/top-app/cpuset.mems # change permissions for all cpusets we'll touch at runtime chown system system /dev/cpuset @@ -323,7 +323,6 @@ on post-fs # Once everything is setup, no need to modify /. # The bind+ro combination avoids modifying any other mount flags. - mount rootfs rootfs / remount bind ro # Mount shared so changes propagate into child namespaces mount rootfs rootfs / shared rec # Mount default storage into root namespace -- 2.34.1